You are here

How to guard against credit card hackers

By CHICAGO TRIBUNE

The cyber thieves who broke into the computer systems of giant merchant Target Corp. timed their scam perfectly. Beginning just before the Black Friday shopping extravaganza and continuing through Dec. 15, they stole information from as many as 40 million credit and debit cards at the peak of the holiday selling season. Customer names, card numbers, expiration dates and card security codes were compromised.

Companies and government prosecutors will do what they can, but consumers will have to become more vigilant about watching for the handiwork of tech-savvy crooks. U.S. law protects consumers from most of the financial responsibility for fraudulent transactions, but there’s still some risk … and a lot of hassle.

It pays to regularly monitor your credit and debit accounts. Anyone who used plastic to shop at Target stores between Nov. 27 and Dec. 15 should make a special effort to search their records for unauthorized charges. It’s common for thieves to test stolen cards by first making small purchases, so watch for those. Immediately report unauthorized charges to the card issuer. If fraud is detected, the accounts involved will have to be closed and replaced.

You can sign up for online alerts or other card-monitoring services that many issuers offer to give customers immediate notice whenever a card is used. It’s a good idea to periodically change the PIN associated with cards (although Target said no PINs were accessed in its data breach). Watch out for scammers who pretend to be with Target or a card issuer: Don’t give out personal information over the phone or online without confirming who is on the receiving end.

Pain in the neck? You bet.

It is incredibly frustrating when criminals manage to stay a step ahead of sophisticated companies and their customers. Target and its corporate peers have plenty of motivation to continually upgrade their security safeguards — the retailer is feeling the heat from understandably anxious customers. Fraud-resistant cards equipped with smart chips instead of magnetic strips are starting to appear in the U.S. Yet these scams occur with disturbing frequency and, as in the Target case, on a mind-boggling scale.

It was good to see federal prosecutors bring charges this summer against a brazen ring of alleged foreign card thieves. Four Russian nationals and a Ukrainian were accused of stealing 160 million card numbers from more than a dozen companies, including 7-Eleven, JetBlue and J.C. Penney. Losses ran into hundreds of millions of dollars. One of the defendants was among those charged in a separate indictment with hacking into New York financial institutions, including the Nasdaq stock exchange.

The attackers used a sophisticated division of labor to hide their tracks, with no single person hosting a Web server, breaking into a site and fetching the valuable data. That decentralized style of operation is typical of Russian organized-crime syndicates, prosecutors allege. When an attack on the supermarket chain Hannaford was noticed, according to the indictment, one alleged accomplice in the case messaged a defendant to say that, “Hannaford will spend millions to upgrade their security!! lol.” The reply: “They would better pay us to not hack them again.”

Rules for posting comments

Comments posted below are from readers. In no way do they represent the view of Oahu Publications Inc. or this newspaper. This is a public forum.

Comments may be monitored for inappropriate content but the newspaper is under no obligation to do so. Comment posters are solely responsible under the Communications Decency Act for comments posted on this Web site. Oahu Publications Inc. is not liable for messages from third parties.

IP and email addresses of persons who post are not treated as confidential records and will be disclosed in response to valid legal process.

Do not post:

Potentially libelous statements or damaging innuendo.

Obscene, explicit, or racist language.

Copyrighted materials of any sort without the express permission of the copyright holder.

Personal attacks, insults or threats.

The use of another person's real name to disguise your identity.

Comments unrelated to the story.

If you believe that a commenter has not followed these guidelines, please click the FLAG icon below the comment.